fix(multicall): resolve critical multicall parsing corruption issues

- Added comprehensive bounds checking to prevent buffer overruns in multicall parsing
- Implemented graduated validation system (Strict/Moderate/Permissive) to reduce false positives
- Added LRU caching system for address validation with 10-minute TTL
- Enhanced ABI decoder with missing Universal Router and Arbitrum-specific DEX signatures
- Fixed duplicate function declarations and import conflicts across multiple files
- Added error recovery mechanisms with multiple fallback strategies
- Updated tests to handle new validation behavior for suspicious addresses
- Fixed parser test expectations for improved validation system
- Applied gofmt formatting fixes to ensure code style compliance
- Fixed mutex copying issues in monitoring package by introducing MetricsSnapshot
- Resolved critical security vulnerabilities in heuristic address extraction
- Progress: Updated TODO audit from 10% to 35% complete

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

tools/math-audit/internal/models/models.go

@@ -0,0 +1,75 @@
+package models
+
+import "fmt"
+
+// DecimalValue represents a quantity with explicit decimals.
+type DecimalValue struct {
+	Value    string `json:"value"`
+	Decimals uint8  `json:"decimals"`
+	Symbol   string `json:"symbol"`
+}
+
+func (d DecimalValue) Validate() error {
+	if d.Value == "" {
+		return fmt.Errorf("decimal value missing raw value")
+	}
+	return nil
+}
+
+// Token describes basic token metadata used by the pricing engine.
+type Token struct {
+	Address  string `json:"address,omitempty"`
+	Symbol   string `json:"symbol"`
+	Decimals uint8  `json:"decimals"`
+}
+
+// Pool encapsulates the static parameters needed to price a pool.
+type Pool struct {
+	Address       string         `json:"address"`
+	Exchange      string         `json:"exchange"`
+	Token0        Token          `json:"token0"`
+	Token1        Token          `json:"token1"`
+	Reserve0      DecimalValue   `json:"reserve0"`
+	Reserve1      DecimalValue   `json:"reserve1"`
+	Fee           *DecimalValue  `json:"fee,omitempty"`
+	SqrtPriceX96  string         `json:"sqrt_price_x96,omitempty"`
+	Tick          string         `json:"tick,omitempty"`
+	Liquidity     string         `json:"liquidity,omitempty"`
+	Amplification string         `json:"amplification,omitempty"`
+	Weights       []DecimalValue `json:"weights,omitempty"`
+}
+
+// TestCase defines an assertion to run against a pool.
+type TestCase struct {
+	Name         string        `json:"name"`
+	Type         string        `json:"type"`
+	InputToken   string        `json:"input_token,omitempty"`
+	OutputToken  string        `json:"output_token,omitempty"`
+	AmountIn     *DecimalValue `json:"amount_in,omitempty"`
+	AmountOut    *DecimalValue `json:"amount_out,omitempty"`
+	Expected     DecimalValue  `json:"expected"`
+	ToleranceBPS float64       `json:"tolerance_bps"`
+}
+
+// Vector bundles a pool with the checks that should hold true.
+type Vector struct {
+	Name        string     `json:"name"`
+	Description string     `json:"description"`
+	Pool        Pool       `json:"pool"`
+	Tests       []TestCase `json:"tests"`
+}
+
+func (v Vector) Validate() error {
+	if v.Name == "" {
+		return fmt.Errorf("vector missing name")
+	}
+	if v.Pool.Exchange == "" {
+		return fmt.Errorf("vector %s missing exchange type", v.Name)
+	}
+	for _, t := range v.Tests {
+		if t.Expected.Value == "" {
+			return fmt.Errorf("vector %s test %s missing expected value", v.Name, t.Name)
+		}
+	}
+	return nil
+}